From c195b360146daa5125df565a809443f579a8d927 Mon Sep 17 00:00:00 2001 From: TheFlow Date: Mon, 27 Oct 2025 12:10:58 +1300 Subject: [PATCH] security(docs): sanitize BI tools documentation to reduce attack surface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removed specific implementation details from public-facing documentation. Removed: - Exact admin dashboard URL paths (/admin/audit-analytics.html) - Exact API endpoint paths (/api/admin/audit-logs, etc.) - Internal file paths (activity-classifier.util.js, validate-file-edit.js) Replaced with: - Generalized component names (Administrative Dashboard, Activity Classifier) - Functional descriptions without implementation details - Architecture concepts without revealing file structure Security Rationale: - Follows defense-in-depth principle (inst_072) - Reduces attack surface by obscuring internal structure - Maintains documentation value while protecting implementation Changes: - Section 5.1: Deployment Components (sanitized API endpoints) - Implementation references (removed filenames) - Architecture diagrams (removed specific paths) This document is marked confidential:false, making this sanitization critical for production security. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../governance-bi-tools.md | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/docs/business-intelligence/governance-bi-tools.md b/docs/business-intelligence/governance-bi-tools.md index 9add8e88..fa3fed41 100644 --- a/docs/business-intelligence/governance-bi-tools.md +++ b/docs/business-intelligence/governance-bi-tools.md @@ -73,7 +73,7 @@ The framework automatically classifies every governance decision by: - **Data Sensitivity**: Public → Internal → Confidential → Restricted - **Reversibility**: Easy → Moderate → Difficult -**Implementation**: `activity-classifier.util.js` applies deterministic rules based on file paths, action metadata, and service patterns. +**Implementation**: The activity classifier applies deterministic rules based on file paths, action metadata, and service patterns. **Accuracy**: Classification logic is heuristic-based. Requires validation with real organizational data. @@ -382,7 +382,7 @@ Cost = BaseCost(Severity) × **For Organizations Piloting BI Tools**: -1. **Dashboard Access** (`/admin/audit-analytics.html`) +1. **Administrative Dashboard** - Summary metrics (Total Actions, Allowed, Blocked, Violations) - Cost Avoidance Calculator (with custom cost model) - Framework Maturity Score @@ -391,19 +391,21 @@ Cost = BaseCost(Severity) × - Enterprise Scaling Projections - Future Research Roadmap -2. **API Endpoints**: - - `GET /api/admin/audit-logs` - Raw audit data - - `GET /api/admin/audit-analytics` - Computed metrics - - `GET /api/admin/cost-config` - Current cost factors - - `POST /api/admin/cost-config` - Update cost model +2. **Data Access Layer**: + - Authenticated API for retrieving audit data + - Computed analytics and metrics endpoints + - Cost model configuration interface + - Role-based access controls (admin-only) -3. **Activity Classifier** (`src/utils/activity-classifier.util.js`) +3. **Activity Classification System**: - Automatic governance decision classification - Business impact scoring (0-100 points) + - Risk level assessment -4. **Enhanced Hook Validators**: - - `validate-file-edit.js` - Logs activity context to MongoDB +4. **Enforcement Integration**: + - Enhanced hook validators with business intelligence logging - Captures: activity type, risk level, stakeholder impact, business impact + - MongoDB-backed audit trail ### 5.2 Trial Deployment Checklist @@ -448,7 +450,7 @@ Organizations may need to customize file path patterns for their codebase struct Example: If client-facing code is in `app/client/` instead of `public/`: ```javascript -// In activity-classifier.util.js +// In activity classifier configuration if (filePath.includes('app/client/') && !filePath.includes('admin/')) { activityType = ACTIVITY_TYPES.CLIENT_COMMUNICATION; // ... @@ -595,9 +597,9 @@ The Governance Business Intelligence tools represent a **novel approach to quant ``` File Edit Action ↓ -Hook Validator (validate-file-edit.js) +Hook Validator ↓ -Activity Classifier (activity-classifier.util.js) +Activity Classifier → Classifies: Type, Risk, Impact, Sensitivity ↓ Business Impact Calculator @@ -606,10 +608,10 @@ Business Impact Calculator MongoDB Audit Log → Stores: Classification + Impact + Violations ↓ -Analytics Controller (audit.controller.js) +Analytics Controller → Aggregates: Cost avoided, Maturity score, Team comparison ↓ -Dashboard UI (audit-analytics.html) +Administrative Dashboard → Displays: ROI metrics for executives ```